The Official Mac AntiVirus and Firewall FAQ

rudeboyyouth · Dec 13, 2009

Is anyone familiar with the ProtectMac antivirus that's available for download on the Apple Website? I downloaded the 30 day free trial version, but I'm not sure how effective it is in comparison to something like Norton for Mac. I definitely want to purchase some type of anti-virus for my macbook. I'm just curious as to how a program like ProtectMac measures up against another anti virus program like Norton for Mac.

cwa107 · Dec 13, 2009

Read the link posted directly above your post.

DrEwTiMe42o · Dec 17, 2009

cwa107 said:
There are no and have never been any true viruses for Mac OS X.

There are a couple of Trojans, but they can be easily avoided simply by not downloading pirated software and/or downloading video "plug-ins" from untrusted sources (like porn sites). And that's pretty much the gist of it.

I have a quick question, would a virus scanner pick up these said "Trojans" if my computer did happen to have them or is there something else i need to scan for them. Im all about just seeing if i have come in contact with them because i have downloaded free movies and programs in the past.

cwa107 · Dec 17, 2009

DrEwTiMe42o said:
I have a quick question, would a virus scanner pick up these said "Trojans" if my computer did happen to have them or is there something else i need to scan for them. Im all about just seeing if i have come in contact with them because i have downloaded free movies and programs in the past.

One would hope, but a quick Google will yield quick instructions on how to remove these nuisances as well. Remember, we're talking about 2 or 3 very unintelligent trojans. And of course, if you're not experiencing any problems, chances are you haven't come into contact with them.

OnceYouGoMac · Jan 1, 2010

I am sure this post will get me flamed lol and I mean no harm, but why have a "forum" if you are just supposed to search archives? Isn't that more like "research," and isn't the purpose of a "forum" to have human interaction?

New2TheMac · Jan 13, 2010

Please help a new Mac user out!

I just started using my Macbook today. When I started it up it went through the set up process. Part of that process was setting up my internet internet connection. I didn't set it up at the start but it listed several wireless connections, my guess would be internet connections in my neighborhood. I didn't connect to any of them, but if I was able to see these connections would they have been able to connect to me? The firewall wasn't enabled by default, but I did enable it afterward.

Also, when I installed ClamXav and Adobe flash I had to enter my password to do so. I also had to do this the first time I ran software update. Is this normal? And is there anyway to make sure my Macbook is safe? Pardon the paranoia but I just switched over from windows

bobtomay · Jan 13, 2010

Read the first post in this thread. It is still quite accurate even though several years old. It provides all the info you need to decide whether you want to run an a/v or not. The vast majority of us do not.

Yes, you will be required to enter your password anytime changes are made to system files. Just one of the many things which makes any 'nix' based system inherently safer.

You'll be able to "see" any other wireless network that is broadcasting it's SSID. You wouldn't be able to connect to them if they are password protected and they would not be able to connect to your computer unless you access their network.

New2TheMac · Jan 14, 2010

Hello again! Thanks to that post I now understand what I should do in regards to the antivirus situation. I do have two more questions however.

1. Is it safer to have the firewall set to block all incoming connections or stealth mode?

2. If I were to use a program like Little Snitch to monitor outgoing connections or however you'd phrase it, just what would I look for in terms of seeing something bad?

bobtomay · Jan 14, 2010

1. Most recommendations will be to run the firewall in stealth mode. I do not now, nor have I run a software firewall on any of my personal computers in several years. In my own experience, they are a pitr and cause more issues than I have ever seen them solve. I leave those duties to the router and check it out to make sure it's working from time to time. (edit: I should add, I do turn on the Firewall when I'm out and about at a hotel or some other open to all network.)

Please note, I do not download any type of pirated, illegal or questionable data/software from the internet. I also do not run any application that's been sent to me via e-mail. I don't open any downloaded software or email attachments on a Windows machine without the file having been scanned first.

My first home computer was in '81 and as of this date, I have never had a virus, worm, trojan on any of my personal machines. (This does not count my wife's machines.) The closest I came was after a trip to Kinko's years ago to use one of their computers for an app I didn't own at the time. When I got home, scanned the floppy before I tried moving my data back onto the machine and yes, the floppy had become infected. Maintaining a clean computer really is easy to do with proper practices.

2. I tried Little Snitch. Every program it notified me about were indeed applications I had purposefully installed on my machine with full knowledge that they would phone home on occasion. I ended up deleting it.

Personally, just don't see the need for it unless you want to control when the apps you have installed are allowed to phone home.

mtbinva · Feb 3, 2010

While delving and diving through the thread discussions, I have one comment, and one question.

First off, for "experienced Mac users" on this forum, have a little more compassion in regard to questions. Just because the first post is still as valid today as it was then, does not mean a switcher would readily be able to make that connection or leap. quite frankly, like many switchers and myself, I've been burned in the past with issues regarding trojans and other malware. Now this is not meant as a flame, or to pick on anyone, just a bit of compassion and patience for us newbs.

Second, I am a Litigation technology Specialist (electronic discovery, digital forensics), and a mechanical Design engineer, the latter for 20 years. I work, albeit, sadly now, with PC's in every conceivable configuration you could imagine, along with different file types etc...so on and so forth. I came across an article discussing this very issue in a trade magazine. I ask the more experienced Mac users to weigh in on this article.

Again, this is simply for clarification and to tap into the knowledge of the more experienced users

cwa107 · Feb 3, 2010

I saw that article yesterday and I think what they've asked the experts to weigh in on is way too broad of a topic. They're not talking specifically about malware, as much as they're discussing security in general. A number of the experts are again espousing the same story of "security through obscurity", which has been proven time and again as a myth.

Without getting into the seminal matter of Mac vs. Windows, I will simply present some facts that should allow anyone to make an informed choice as it relates to the topic of this thread, Anti-Virus and Firewall.

1. There are no known viruses in the wild for Mac OS X.
2. There are two trojans (very different from a virus in that they use social engineering to convince an ignorant user to install them). Both of which are blocked by measures built into 10.6.
3. Mac OS X uses a state-of-the art Discretionary Access Control system to protect the operating system, which inhibits the effectiveness of any malware (i.e. the user can not touch anything outside of their own home directory without giving explicit permission to elevate the rights of a program). In other words, creating malware would be a lot of trouble to go to knowing that it's unlikely to be able to do any real damage.
4. All anti-malware products for Mac OS X scan mostly for Windows maladies that will not execute on OS X. In my opinion, a $70/year subscription is a lot of money to pay to protect others against viruses that you may pass on, but are not actually susceptible to.

As it relates to firewall software...

1. Even with the Mac OS X firewall turned off, OS X does not respond to port scanning on any well-known ports.
2. With the firewall turned on and in "stealth" mode, OS X does not respond to any network requests at all, including ICMP echo.
3. The Mac OS X firewall will prompt the user if an application attempts to open a port and listen.

So, in summary, I don't believe it's prudent at this time to run anti-virus software or purchase any special security software. But I do recommend the following (and I know there are others that may disagree with me on the firewall, since most people are protected by a NAT firewall at their router or modem):

1. Before you install any software downloaded from the Internet, make sure you trust the source of the software. Also, make sure you know what the program is and what it does.
2. If you install any software download from the Internet, be particularly cautious about installing it if you are prompted for your password during the installation (this means that the software wants to modify system directories or files).
3. Turn on your OS X firewall in the Security preferences pane. Go into Advanced and enable "Stealth Mode". This makes your computer invisible on any network you might happen to connect to, and therefore will make it that much more difficult for a motivated hacker to locate to do any damage to.
4. Keep your software and operating system up-to-date. When prompted to update a software package, particularly things like Java, Flash and other web-enabled technologies.

If you'd like me to expand upon any of these statements, let me know.

mtbinva · Feb 3, 2010

cwa107 said:
I saw that article yesterday and I think what they've asked the experts to weigh in on is way too broad of a topic. They're not talking specifically about malware, as much as they're discussing security in general. A number of the experts are again espousing the same story of "security through obscurity", which has been proven time and again as a myth.

Without getting into the seminal matter of Mac vs. Windows, I will simply present some facts that should allow anyone to make an informed choice as it relates to the topic of this thread, Anti-Virus and Firewall.

1. There are no known viruses in the wild for Mac OS X.
2. There are two trojans (very different from a virus in that they use social engineering to convince an ignorant user to install them). Both of which are blocked by measures built into 10.6.
3. Mac OS X uses a state-of-the art Discretionary Access Control system to protect the operating system, which inhibits the effectiveness of any malware (i.e. the user can not touch anything outside of their own home directory without giving explicit permission to elevate the rights of a program). In other words, creating malware would be a lot of trouble to go to knowing that it's unlikely to be able to do any real damage.
4. All anti-malware products for Mac OS X scan mostly for Windows maladies that will not execute on OS X. In my opinion, a $70/year subscription is a lot of money to pay to protect others against viruses that you may pass on, but are not actually susceptible to.

As it relates to firewall software...

1. Even with the Mac OS X firewall turned off, OS X does not respond to port scanning on any well-known ports.
2. With the firewall turned on and in "stealth" mode, OS X does not respond to any network requests at all, including ICMP echo.
3. The Mac OS X firewall will prompt the user if an application attempts to open a port and listen.

So, in summary, I don't believe it's prudent at this time to run anti-virus software or purchase any special security software. But I do recommend the following (and I know there are others that may disagree with me on the firewall, since most people are protected by a NAT firewall at their router or modem):

1. Before you install any software downloaded from the Internet, make sure you trust the source of the software. Also, make sure you know what the program is and what it does.
2. If you install any software download from the Internet, be particularly cautious about installing it if you are prompted for your password during the installation (this means that the software wants to modify system directories or files).
3. Turn on your OS X firewall in the Security preferences pane. Go into Advanced and enable "Stealth Mode". This makes your computer invisible on any network you might happen to connect to, and therefore will make it that much more difficult for a motivated hacker to locate to do any damage to.
4. Keep your software and operating system up-to-date. When prompted to update a software package, particularly things like Java, Flash and other web-enabled technologies.

If you'd like me to expand upon any of these statements, let me know.

The reason for the quote, is that hopefully, someone beside myself who appreciates your input, will read it.

That was the about as perfect answer to a question as I can get. To further touch on what you had stated, the one thing i have not see, possibly to avoid the one better than the other argument, is the use of dynamically linked libraries. That seems to me, in and of itself, more of a security issue than OSX based solely on the actual function of that file type.

Thoughts?

I also agree, it was way too broad of a topic. I also thought some of the "experts" used a lot of big words to say absolutely nothing. This is purely a subjective opinion based on my experiences.....

cwa107 · Feb 3, 2010

mtbinva said:
That was the about as perfect answer to a question as I can get. To further touch on what you had stated, the one thing i have not see, possibly to avoid the one better than the other argument, is the use of dynamically linked libraries. That seems to me, in and of itself, more of a security issue than OSX based solely on the actual function of that file type.

Thoughts?

Absolutely. It's particularly easy to hide a trojan in a DLL, since most DLLs are transparent to an end user. Additionally, it's so easy to mask malicious software in the form of a DLL since when one looks at the process list, they'll only see the generic "rundll32.exe" and not the actual executable code.

Again, I don't want to get into the whole Mac vs. Windows thing. But it seems to me that there is a lot of unnecessary complexity in Windows that makes it easier to exploit (DLLs are but one example, the mere fact that Microsoft hasn't gotten away from the Registry concept is mind-boggling).

I also agree, it was way too broad of a topic. I also thought some of the "experts" used a lot of big words to say absolutely nothing. This is purely a subjective opinion based on my experiences.....

I agree - and at the very least, you have to question the motives of the "subject matter expert". If you're primarily an anti-virus vendor, you need to keep the sheep in the pen, so to speak. Even if that means scaring people for not good reason.

mtbinva · Feb 3, 2010

Absolutely understand. I can see the frustration of the more mature mac user in re the subject matter on best practices. Lord knows these practices also correspond to general practices to keep viri, malware, spyware etc... off ones MS system.

And, I understand about the not getting into the debate MS v OSX, however, for a switcher, it makes good sense to sometimes show inherent differences in the OS's. To me it validates the security and anti-virus software issue.

To me, the packaged software methodology for this OS is absolutely a great concept. That's why the article made me question the purported experts used in the article in the first place. While I am technically oriented (and that's what I do for a living), the standard user may not know the "under the hood" aspects of why the need for antivirus software is not really necessary for a Mac.

Again, Thanks.

chas_m · Feb 5, 2010

cwa107's post was, in my opinion, as near perfect as any I've seen and should be considered the last word on the topic, with one TINY, NIT-PICKY exception, the very one he pointed out some people would have in his article -- regarding the "need" to turn on the software firewall.

Given what he himself says about OS X's inbuilt security, I don't agree with his suggestion to turn the software firewall on. If you're behind a router that has NAT (ie all of them on the market for the last few years), you already have a far superior *hardware* firewall (as he points out himself). Adding another firewall on top isn't going to make you safer, and it opens up the possibility of communication or port problems with things like VPN, FTP, iChat, BitTorrent, Internet gaming and so forth.

I'd say that unless you are uber paranoid or doing something that MAKES you paranoid on the net, leave the software firewall OFF.

But again, BRAVO to cwa107 for a staggeringly well-written, brilliantly clear and factually unassailable post that totally puts this topic to bed.

mtbinva · Feb 5, 2010

chas_m said:
But again, BRAVO to cwa107 for a staggeringly well-written, brilliantly clear and factually unassailable post that totally puts this topic to bed.

I would have to agree!

cwa107 · Feb 5, 2010

chas_m said:
cwa107's post was, in my opinion, as near perfect as any I've seen and should be considered the last word on the topic, with one TINY, NIT-PICKY exception, the very one he pointed out some people would have in his article -- regarding the "need" to turn on the software firewall.

Well thank you, I'm flattered.

I did put that little disclaimer in there in light of our conversation, and for what it's worth, I agree - it's not critical for exactly the reasons you mentioned. But as I said, I do think it's worth it if you hop between networks and if you're willing to accept the risk of potential issues with software that doesn't play nicely with it.

Vyper007 · Feb 15, 2010

Just on the whole Antivirus/Firewall debate, I'd recommend two products that have been useful for me in the past.

Firstly on the firewall front I'd say Little Snitch was a must have application, whilst your mac firewall (if turned on) by default will block inbound connections, it does nothing to block outbound connections or apps that 'talk home', so I got hold of a copy of Little Snitch which then gives you a greater control of just whats talking back out onto the internet. Potentially this could also warn you about a virus as it would attempt to spread and as such Little Snitch could help detect outbound connections, at which point you could block the attempt.

On the virus front nobody as mentioned iAntivirus by PC Tools, this app is actually free, and claims to minimise performance impact by ignoring Windows viruses and just protecting you against specific Mac threats. In theory if you dont have Windows machines on your network that have no anti virus of their own then iAntivirus maybe all you actually need. I ran the product for a few months and to be honest it never found a threat, I dont know if thats just because I'm generally careful anyway with what I download etc. But if AV protection is something your in favour of then its worth a look.

Anyway just wanted to put my two penneth in.

Have fun all, keep Mac'ing !

New2TheMac · Feb 16, 2010

Hello again everyone. I decided to try out iantivirus in January just for kicks I suppose. So far it has found nothing. However, a day or two ago I noticed it would no longer update and the website will no longer load for me in Firefox. I'm hoping this is their fault and not mine. Could you please go to iantivirus' website and tell me whether or not it will load for you?

Their website is www.iantivirus.com

I hope I didn't mess up any settings or get anything on my computer that would keep me from accessing iantivirus' website. I haven't given my Mac password for anything except for software updates and installing programs which I know are safe.

New2TheMac · Feb 28, 2010

I know there are no Mac viruses in the wild, but what about keyloggers? And I should probably know this before asking if there are keyloggers in the wild, but when someone says "in the wild" in regards to viruses, that means you won't get one just by going to a website, right? I think it does but I just want to be sure.

The Official Mac AntiVirus and Firewall FAQ

rudeboyyouth

cwa107

DrEwTiMe42o

cwa107

OnceYouGoMac

New2TheMac

bobtomay

,

New2TheMac

bobtomay

,

mtbinva

cwa107

mtbinva

cwa107

mtbinva

chas_m

Guest

mtbinva

cwa107

Vyper007

New2TheMac

New2TheMac

Shop Amazon